CDP is defined as the location where CRL can be retrieved from. This is web-based location and should be able to access via HTTP. This list will be used by the certificate validator to verify the given certificate is not in revocation list.

Before we do this, we need to prepare the web server for that task. It should be a web server in domain as the issuing CA also in a domain.

In my demo, I am going to use the same issue CA as the CDP location.

The web server can be installed using the following command:

Install-WindowsFeature Web-WebServer -IncludeManagementTools

Next, create a folder and create share so that can be use as the virtual directory:

mkdir C:\CertEnroll New-smbshare -name CertEnroll C:\CertEnroll -FullAccess ...